CONTAINER-ORIENTED LINUX KERNEL VIRTUALIZING SYSTEM AND METHOD THEREOF

    Publication No.: US20230092214A1

    Publication Date: 2023-03-23

    Application No.: US17661991

    Application Date: 2022-05-04

    Abstract: The present invention relates to a container-oriented Linux kernel virtualizing system, at least comprising: a virtual kernel constructing module, being configured to provide a virtual kernel customization template for a user to edit and customize a virtual kernel of a container, and generate the virtual kernel taking a form of a loadable kernel module based on the edited virtual kernel customization template; and a virtual kernel instance module, being configured to reconstruct and isolate a Linux kernel, and operate a virtual kernel instance in a separate address space in response to a kernel request from a corresponding container. The container-oriented Linux kernel virtualizing system of the present invention is based on the use of a loadable module.

    ANTI-TRAPDOOR-LEAKAGE ON-CHAIN DATA RESTORATION SYSTEM AND METHOD THEREOF

    Publication No.: US20230085807A1

    Publication Date: 2023-03-23

    Application No.: US17664767

    Application Date: 2022-05-24

    Abstract: The present invention provides an anti-trapdoor-leakage on-chain data restoration system, at least comprising: a blockchain node, for broadcasting transaction data of a request-initiating person to blockchain nodes and proposer nodes in other groups, respectively; and a proposer node, for performing computation of a Chameleon-Hash function using a key set that is generated by a key-generating module provided in the proposer node, packaging the transaction data to generate a new block, and distributing the new block to all the blockchain nodes so that the blockchain nodes update their respective underlying ledgers according to the new blocks broadcasted by the proposer. The system of the present invention not only realizes such functions as restoration and editing of the transaction data, but also protects operational security and reliability of blockchains.

    METHOD FOR HIGH-PERFORMANCE TRACEABILITY QUERY ORIENTED TO MULTI-CHAIN DATA ASSOCIATION

    Publication No.: US20220309080A1

    Publication Date: 2022-09-29

    Application No.: US17455502

    Application Date: 2021-11-18

    Abstract: The present invention relates to a method for high-performance traceability query oriented to multi-chain data association, comprising: identifying a target transaction needing the traceability query; searching out all corresponding target chains based on cross-chain transaction data association; making query requests in parallel; and executing the query among the target chains according to a key value of the target transaction and returning query results. The blockchain traceability query method proposed by the present invention differs from serialized block data query conducted in the chain-type structure, and the disclosed cross-chain query operation can be executed in parallel, leading to improved efficiency of traceability query. In contrast to the conventional blockchain, where blocks are used as nodes of chains, the present invention directly uses sub blockchains as nodes of the SRB. Since sub blockchains can be dynamically added or removed, the present invention enhances the scalability of the entire system.

    Method and device for text-enhanced knowledge graph joint representation learning

    Publication No.: US20220147836A1

    Publication Date: 2022-05-12

    Application No.: US17169869

    Application Date: 2021-02-08

    Abstract: The present invention relates to a method and device for text-enhanced knowledge graph joint representation learning. The method at least comprises: learning a structure vector representation based on entity objects and their relation linking in a knowledge graph and forming structure representation vectors; discriminating credibility of reliable feature information and building an attention mechanism model, aggregating vectors of different sentences and obtaining association-discriminated text representation vectors; and building a joint representation learning model, and using a dynamic parameter-generating strategy to perform joint learning for the text representation vectors and the structure representation vectors based on the joint representation learning model. The present invention selectively enhances entity/relation vectors based on significance of associated texts, so as to provide improved semantic expressiveness, and uses 2D convolution operations to train joint representation vectors. As compared to traditional translation models, the disclosed model has better performance in tasks like link prediction and triad classification.

    NVM-BASED METHOD FOR PERFORMANCE ACCELERATION OF CONTAINERS

    Publication No.: US20200334066A1

    Publication Date: 2020-10-22

    Application No.: US16773004

    Application Date: 2020-01-27

    Abstract: The present disclosure discloses an NVM-based method for performance acceleration of containers. The method comprises classifying each image layer of mirror images as either an LAL (Layer above LDL) or an LBL (Layer below LDL) during deployment of containers; storing the LALs into a non-volatile memory and selectively storing each said LBL into one of the non-volatile memory and a hard drive; acquiring hot image files required by the containers during startup and/or operation of the containers and storing the hot image files required by the containers into the non-volatile memory; and sorting the mirror images in terms of access frequency according to at least numbers of times of access to the hot image files so as to release the non-volatile memory currently occupied by the mirror image having the lowest access frequency when the non-volatile memory is short of storage space.

    ACCELERATION METHOD FOR FPGA-BASED DISTRIBUTED STREAM PROCESSING SYSTEM

    Publication No.: US20200326992A1

    Publication Date: 2020-10-15

    Application No.: US16752870

    Application Date: 2020-01-27

    Inventor: Hai JIN Song Wu

    Abstract: The present invention relates to an acceleration method for an FPGA-based distributed stream processing system, which accomplishes computational processing of stream processing operations through collaborative computing conducted by FPGA devices and a CPU module and at least comprises following steps: building the FPGA-based distributed stream processing system having a master node by installing the FPGA devices on slave nodes; dividing stream applications into first tasks suitable to be executed by the FPGA devices and second tasks suitable to be executed by the CPU module; and where the stream applications submitted to the master node are configured with kernel files that can be compiled and executed by the FPGA devices or with uploading paths of the kernel files, making the master node allocate and schedule resources by pre-processing the stream applications.

    TRUSTZONE-BASED SECURITY ISOLATION METHOD FOR SHARED LIBRARY AND SYSTEM THEREOF

    Publication No.: US20190294798A1

    Publication Date: 2019-09-26

    Application No.: US16109870

    Application Date: 2018-08-23

    Abstract: The present invention provides a TrustZone-based security isolation system for shared library, the system at least comprising: a sandbox creator, a library controller, and an interceptor; the sandbox creator, in a normal world, dynamically creating a sandbox isolated from a Rich OS; the interceptor intercepting corresponding system-calling information and/or Android framework APIs by means of inter-process stack inspection; and the library controller performing analysis based on the intercepted system-calling information and/or Android framework APIs, redirecting a library function to the sandbox, and switching calling states of the library function in the sandbox as well as setting up a library authority. The present invention has good versatility, low cost and high security. It realizes isolation of the library without increasing the trusted bases in the Secure World of the TrustZone, effectively reducing the risk of being attacked.

    CLOUD TENANT ORIENTED METHOD AND SYSTEM FOR PROTECTING PRIVACY DATA

    Publication No.: US20190281074A1

    Publication Date: 2019-09-12

    Application No.: US16109846

    Application Date: 2018-08-23

    Abstract: The present invention involves a cloud tenant oriented method and system for protecting privacy data. The method comprises at least the following steps: analyzing event handler information and/or behavioral signature information of request information and determining an execution mode, selecting at least one node without a behavioral signature plot to execute the tenant request and recording an execution result, generating a behavioral signature plot based on the execution result, and dynamically detecting security-sensitive behavior based on the behavioral signature plot. The present invention ensures data security during processing of security-sensitive data for cloud services by adopting a technology based on behavioral signatures, and prevents attackers from exploiting vulnerabilities and bypassing security control to conduct malicious operations. When there are no corresponding behavioral signature plots, multiple nodes are selected for processing of event handlers, and private data are dynamically protected based on behavioral signature plots, so as to assure secure execution results, provide fine-grained protection for security-sensitive behavior and protect data security while maintaining relatively low performance costs.

    METHOD AND SYSTEM OF STATE CONSISTENCY PROTECTION FOR INTEL SGX

    Publication No.: US20190228135A1

    Publication Date: 2019-07-25

    Application No.: US16169632

    Application Date: 2018-10-24

    Abstract: The present invention involves a method and system of state consistency protection for Intel software guard extension (SGX). In a method of state consistency protection for a central processing unit capable of creating enclaves, the central processing unit supports creation of at least one enclave, wherein the central processing unit communicates with a remote server providing services for the central processing unit through remote communication and the remote server has a remote attestation module, configuring the remote attestation module to facilitate the completion of every execution state storing operation and/or every execution state restoring operation, wherein the remote attestation refers to an attestation mechanism by which the central processing unit proves to the remote server that it has created the specific enclave in a local platform so that the remote server trusts the specific enclave. The present invention does not require special hardware and is favorable to cross-platform migration.
